package com.ynet.middleground.oss.oauth.server;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

import com.ynet.middleground.oss.common.AuthExceptionEntryPoint;
import com.ynet.middleground.oss.common.AuthorityAccessDeniedHandler;

/**
 *
 * @author Suremotoo
 * @description 资源服务器配置（后续可以考虑分离）
 * @create 2019-05-09 12:00
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_DEMO_ID = "resource_oss";
    // private static final String RESOURCE_FDC_ID = "resource_demo";

    @Autowired
    private AuthExceptionEntryPoint authExceptionEntryPoint;

    @Autowired
    private AuthorityAccessDeniedHandler authorityAccessDeniedHandler;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_DEMO_ID).stateless(true).accessDeniedHandler(authorityAccessDeniedHandler)
            .authenticationEntryPoint(authExceptionEntryPoint);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.anonymous().disable().authorizeRequests()
            // .antMatchers("/demo/**").access("hasRole('ADMIN')")
            .antMatchers("/**").authenticated().anyRequest().authenticated().and().exceptionHandling()
            // .accessDeniedHandler(new OAuth2AccessDeniedHandler());
            .accessDeniedHandler(authorityAccessDeniedHandler).authenticationEntryPoint(authExceptionEntryPoint);
    }

}